The largest malvertising campaign in 2017 involved 28 fake ad agencies, which were used to generate about one billion ad views across 62 per cent of ad-supported websites, according to publishing security biz Confiant.
By malvertising, we mean ads that try to trick people into installing fake Adobe Flash updates, bogus …

Re: A good thing

Re: A good thing

I was just about to post the same thing. There hasn't been a legitimate need for iFrames since XHR (AKA Ajax) requests were developed. At the moment they only seem to be be used for nefarious purposes. Yes, there will be a cost associated with getting rid of them for some legacy applications. But that's pretty much par for the course when it comes to web applications.

Re: I keep getting those

Re: I keep getting those

Microsoft do the same thing when you change the Windows 10 default browser from Edge to anything else - a stupid little message about how Edge is designed for Windows 10 and do you really want to change.

How far will Google to protect...

.... its lucrative ads business? Someone at Google must be really scared of the damage brought by those evil AD BLOCKERS!

Anyway Google is also one of the culprits that bloated browsers of too many useless and risky features to run as much as possible withing a browser because it's easier to steal user data that way (unless, of course, you have a whole OS to do it like Android or Windows 10).

Re: How far will Google to protect...

Isn't Google itself the biggest ad platform? It can be written "DoubleClick" but it's read "Google". So, instead of starting to fix the ad platform itself, and pave the way towards "responsible ads", Google just tries to put some weak defenses inside its browser, because it's cheaper than having to vet ads, or make them less "responsive" forbidding features that can be exploited to attack whoever display them.

In any ways, the very idea of "ad platforms" is broken - I have to display contents from third party sites I never requested, and which nobody really controls.

Think what would happen if ordering food at the restaurant, while it's being brought to you, an unknown someone else would be free to add things into your dish, just because the restaurant gets paid by some platform for it. Even if the food was free, I'd be very worried about eating it...

Re: How far will Google to protect...

"Isn't Google itself the biggest ad platform?"

Different kind of ads - The paid search ads that appear at the top of your search pages aren't affected by ad blockers and are plain text. Google is the biggest cheese in that context. For simplicity, I'm including Google Shopping in this category.

Youtube video ads are affected by adblockers but are HTML5 videos as opposed to flash or Java and as such, I'm not aware of any exploits that will get you screwed over. Because of youtube, Google is probably the biggest provider of video ads.

The ads this change affects are known as display ads. Google is a major player in this space but have nowhere near the dominance in the search and video channels.

"Different kind of ads" - are you sure?

It looks people know Google (Alphabet) very little.... and still believe it's still just a search engine with some free nice apps and now a browser.

Do you know DoubleClick, probably the largest ads platform around, is wholly owned by Google/Alphabet? And DoubleClick delivers ads made by others?

Google doesn't live of the "paid search ads" on its search page only, or Youtube, it does live of ads pushed by DoubleClick on many other sites that have nothing to do with Google but using DoubleClick to get paid to show ads.

Google, through its own sites, YouTube and DoubleClick, dominates the ads market, with the only competitor, still behind, being Facebook.

http://fortune.com/2017/07/28/google-facebook-digital-advertising/

http://fortune.com/2017/01/04/google-facebook-ad-industry/

Any decline in ads revenues if people start to block ads in their browsers would impact Google/Alphabet a lot....

Re: "Different kind of ads" - are you sure?

Believe me, working in digital marketing (Before you get your pitchforks out, this is mostly paid search and Google Shopping), I am painfully aware how Google works. Yes, All of DoubleClick is owned by Google but only part of DoubleClick is relevant to display ads. It's also a bid management platform for all the other types of ad that Google show.

My original post was intended to highlight that while, yes, overall, Google is the biggest marketing platform out there, it doesn't have the unquestionable dominance that it does in Search and would be much less affected proportionally than pure display providers.

"it doesn't have the unquestionable dominance that it does in Search"

Did you read the links above? Google *is* dominating ads services. Facebook is second, at some distance. Just look at the revenues:

https://www.theregister.co.uk/2017/07/25/alphabet_q2_fy2017/

Do you believe they come just from the Search Page and YouTube?

"but only part of DoubleClick is relevant to display ads."

Of course, but that's what allows the other parts of the business run - like setting targets (thanks to Alphabets slurping operations), and analyzing ad campaign results. The advertising exchange of DoubleClick is surely a risk to display malware-ads.

Do you believe advertiser would buy the services if their ads are not displayed? Google has more to lose than others, if ad-blocking becomes widespread. Its whole business is built on them.

Re: "it doesn't have the unquestionable dominance that it does in Search"

"Do you believe they come just from the Search Page and YouTube?"

No, not just from the search page and YouTube. I do believe that they are worth more to Google. The proportion of people that click the paid search ads is at least two orders of magnitude higher than display in my experience. Bear in mind that Paid search and Google Shopping are much much easier to make relevant for the search due to systems like dynamic keyword insertion and inventory management tools than display ads, even remarketing display ads. Also consider that if you're searching to buy something, there are potentially over ten paid links taking up the most valuable screen real estate above the fold.

And yes, in absolute terms, Google will lose more revenue from adblockers than other providers. In relative terms, they are propped up by the unaffected channels.

Re: How far will Google to protect...

This is why you should use adblockers

Everyone knows about malicious problems like these yet no one bothers to address the consequences, and many website would rather see that you turn off your adblocker in order for them to get their revenue. Now, I understand the motive, I really do, but when will people finally realize that adblockers aren't a convenience anymore but should be recognized as essential protection?

What I'm saying is that an adblocker should be getting the same treatment as an anti-virus tool on your computer. Websites wouldn't ask that you turn off your anti-virus so why make the exception for an adblocker?

See: the problem with ads is that you'll never know for sure where the junk is coming from. And even if you do know the source (Google ads comes to mind) then it's still no guarantee what so ever that everything people throw at you will be fully harmless. Heck; this article proofs as much!

In this day and age the use of adblockers has seriously evolved and should be considered a mandatory protection scheme. Yes, I feel for all those websites who try to make a bit of a profit but sorry: you got yourselves to blame for it in the first place. Instead of being satisfied with the target audience many companies strived for more and better coverage, even up to a point where malware became a thing.

Re: This is why you should use adblockers

1) You want to publish something -- so you pay the web hosting costs (that is BTW what I do).

2) Your web thingy does something others want -- so they pay for it.

Why is throwing ads at people as the sole business model fine, good, not at all crazy and everyone should be doing it? You just assume it, despite ads being one of the major reason why the web is the shithole it is nowadays.

Re: This is why you should use adblockers

Fair enough. But then there are people like me, who run a number of such sites. I pay out of pocket (hosting is really cheap, so it's affordable), have never run ads aside from my own for products I sell myself, and never will.

I don't mind adblockers (since I have no ads to block), and my sites are unlikely to go away in my lifetime. And there's nothing unique about me -- I am one amongst thousands who do the same thing.

Re: This is why you should use adblockers

The question is, are there any sites making legitimate use of this?

If not it is an easy decision, standards or not. If there are, then Chrome's market share dominance will probably end up forcing those sites to change how they work. Basically Google would be exercising the exact same control over the web that everyone (including Google's founders) rightly castigated Microsoft for.

Basically Microsoft doesn't want people using REAL ad blockers, so they figure if they can block the worst malware type spam advertising there will be less incentive for people to block all ads including all the ones Google makes money from!

Re: The question is, are there any sites making legitimate use of this?

This is just one of a whole suite of "interventions" backed by the "Web Incubator Community Group", which is part of the World Wide Web Consortium (W3C). Such tweaks are intended to become part of the standard, although the relevant standards aren't controlled by the W3C.

This particular change has been under discussion for two years with multiple attempts at implementation. And even this version only hits the beta channel on the next Chrome update.

Re: The question is, are there any sites making legitimate use of this?

Just noticed I said "Microsoft" in the second paragraph instead of Google. Guess I was mentally transported back a decade and a half when Microsoft was the evil company, instead of being the tech equivalent of the old Nazi with Alzheimer's you used to hate but now just looks pathetic.

The basic problem is

That there will always be a way to subvert legitimate functionality in some way.

Ads are a problem because they will never be server by the originating website, the ad company works it out. Ultimately ads should probably be in a non-trusted page element without all the rich (and destabilising) content. This would not be great even for the googleopoly.

It is also a relatively straightforward vector to exploit, not just for malware, for any other type of scam, all you need is a front company and some up-front cash.

Google are unilaterally deciding to change their delivery approach to web standards, but given the lengthy negotiations needed to change or replace them formally with entrenched and violently defended positions its not likely to happen any time soon.

Although in this case, I hope at least a proposal for a standards change is made in conjunction with this...Otherwise we are at the thin end of standards anarchy...

Legal liability?

This is why websites should be held legally liable for the third party content they choose to include on their pages. The excuse "oh but it was a third party advert that screwed you over" should simply not be tolerated. Whilst the websites can claim that their active inclusion of untrusted third party content isn't their responsibility there is no incentive to clean up the cesspit that is the online advertising market.

Once a couple of good lawsuits bring down a few major websites caught including dodgy adds there will be calls to do something about the dodgy adds that the add brokers simply will not be able to ignore. Websites will start using add platforms that offer financial guarantees, and/or indemnity against lawsuits. This will force the add platforms to vet the adds they include or face bankruptcy when a dodgy add hits the wrong person.

Re: Legal liability?

Re: Legal liability?

Sounds great, but also complicates the matter, and allows both to wring their hands while blaming the other.

No as far as the end user is concerned the Website should be held solely liable.

If the website then wants to sue the Add platform as per their mutual contract, that is a matter for the owners of the website. And if the add platform wants to sue the next party down the chain ... etc.

This Comments page only shows googletagservices.com; google-analytics.com; and s.dpmsrv.com

Looking at the Extension in Safari, it is described as: "DuckDuckGo Privacy Essentials" can red, modify and transmit content from all webpages. This could include sensitive information like passwords, phone numbers, and credit cards.

What, me paranoid? Certainly not! Even if I am, it does not mean that they are not after me. I always ensure that I am not logged in to any Google product (and check that I am not); funnily enough I see no targeted website and email advertising and only a very small amount of random crap. A couple of small simple text ads on a page is OK; and, If I find that I get value from a site, I do actually try and pay them...